Background documentationEncryption Locate this document in the navigation structure

 

Encrypting the Data Transfer

When your client application (database tool, database application or database interface) and your database are located on different computers, SAP customers can encrypt the data transferred between the client application and the global listener or the installation-specific X server (SAP MaxDB communication server) using SSL/TLS.

Procedure
  1. Configure your SAP system for SSL/TLS encryption.

    For more information, see the Installation documentation.

  2. To encrypt the data transmitted between client application and the global listener/X server of the database, select the corresponding option when you log on to the database.

More Information

Concepts of the Database System,

Encrypting Backups
Prerequisites
Procedure
  1. When creating the backup template for your backup, specify the encryption algorithm and the private key owner in the backup template properties.

  2. Create the backup using this backup template.

Example

Scenario: You want to create encrypted backups and want to be able to use these encrypted backups even if you loose the original private key.

  1. Using sapgenpse, you create a public-private key pair for the database and an additional public-private key pair for emergencies.

    When creating the key pair for the database, you specifiy the following properties for the private key owner and for the certificate owner:

    • CN=<database_name>, for example DEMODB

    • OU=<department_name>, for example DemoDepartment

    • OU=<company_name>, for example DemoCompany

    When creating the key pair for emergencies, you specifiy the following properties for the private key owner and for the certificate owner:

    • CN=<recovery_name>, for example RECOVERY_DEMODB

    • OU=<department_name>, for example DemoDepartment

    • OU=<company_name>, for example DemoCompany

    The private keys are stored in PSE (Personal Secure Environment) files, the public keys are stored in certificates.

  2. Put the PSE file of the key pair for emergencies in a secure location, for example a safe.

  3. In the PSE file for the database, import the certificate of the key for emergencies.

  4. Create your encrypted backups using both owner names.

  5. If you need to recover your database, but have lost the original private key for the database, you can use the private key that was created for emergencies.

More Information

Backing up Databases